Arrests of alleged spies draws attention to long obscure field of steganography

Steganography expert Gary C. Kessler took a picture of a lined butterflyfish. Then, using standard, publicly available steganography software, he embedded within the image of the fish a map image of the Burlington, Vt., International Airport. It is impossible for the naked eye to tell that the image of the fish has been tampered with.
(Courtesy of Gary C. Kessler)

To demonstrate how steganography works, Gary C. Kessler, a computer foresnsics consultant, used publicly available steganography software to embed this map image of the Burlington, Vt., International Airport in an image of the fish. If the map were a secret message being sent by one spy to another, the receiver would have to run the fish image through similar software to extract the map image.
(Courtesy of Gary C. Kessler)

A year ago in April, the government says, the accused operative known as Richard Murphy and his supposed wife, "Cynthia Murphy," booted up a computer in their comfy suburban Montclair, N.J., home. They visited a publicly available Web site and clicked on a picture. It looked innocent enough. It could have been a bunny rabbit, say, or a sunset. Anything at all.

Applying special software, the government says, they coaxed words from the innocuous imagery, a text file. Moscow was calling. A secret meeting in a suburban New York train station was proposed:

"C plans to conduct a flash meeting w/A to pass him $300K from our experienced field station rep (R). Half of it is for you. Another half is to be passed to young colleague (known to you) in fall '09-winter '10. . . .

"A and R meet in lower part of staircase, in dead zone. R hands over and A gets pack w/money (A's BN [Barnes and Noble] bag stays in your hands, A hides pack w/money into his tote)."

Pictures used to be worth a thousand words. Now, in the new world of espionage, they are a thousand words. The medium is the message.

And, as the Justice Department's case unfolds against 11 alleged Russian clandestine operatives, we all are learning a fancy new word: steganography.

It's the practice of hiding information in otherwise unremarkable objects or media. It's not to be confused with cryptography, the practice of encoding messages to protect them from prying eyes. The art of steganography is to fool the prying eyes into thinking no message is being passed at all.

According to the FBI's complaint against nine of the defendants, investigators recovered more than 100 text files that had been embedded in steganographic images and exchanged between the Murphys and their alleged controllers in the Moscow headquarters of a Russian intelligence agency. Another pair of alleged conspirators, working out of Boston, are said to have communicated the same way with headquarters, as did a third pair, in Seattle.

The FBI has not described the pictures that cloaked the messages, except to say that they "appear wholly unremarkable to the naked eye."

Some of the suspects' tradecraft reads like a bad le Carré parody. Analysts are snickering at the furtive handoffs of shopping bags, the invisible ink, the buried loot, the contrived dialogue to verify identities ("Could we have met in Malta?" "Yes, indeed, I was in La Valetta").

But the extensive use of steganography is drawing more respectful notice.